<?php

class GDGE_Util_PassHash
{
	private static $saltLength = 10;
	
	/**
	 * 
	 * Hash a password
	 * @param string $username
	 * @param string $password
	 * @param string $salt
	 * @return string
	 */
	static function hash($username, $password, $salt = null) {
		if ($salt === null) {
			$salt = substr(md5(uniqid(rand(), true)), 0, self::$saltLength);
		} else {
			$salt = substr($salt, 0, self::$saltLength);
		}
		return $salt . sha1($salt . $username . $password);
	}
	
	
	/**
	 * 
	 * Compare username and password to a hash
	 * @param string $username
	 * @param string $password
	 * @param string $hash
	 * @return boolean
	 */
	static function compareToHash($username, $password, $hash) {
		$salt = substr($hash, 0, self::$saltLength);
		return $hash === self::hash($username, $password, $salt);
	}
}